Debian 9 file system CIS-CAT hardening issues

I’m performing a CIS-CAT scan and I’m questioning the results of the scanner being poorly designed. Now I am running on Debian 9 which isn’t officially supported by the scanner but I can get it to run and I’ve implemented 95% of their requirements and can successfully scan using the following command:

sudo ./CIS-CAT.sh -f -D ignore.platform.mismatch=true -D include.csv.remediation=true -csv 

/bin has permissions of drwxr-x–x and they want me to remove execute for other, however if I "chmod o-x /bin" then a regular user cannot execute standard commands like "ls" Is there a different approach to this?

Same thing with the following: /dev /var/cache/man /run/systemd /run/dbus /run/sshd 

which have permissions of drwxr-xr-x. CIS-CAT wants me to remove other read and execute but it’s permissions get reset on reboot.